How Target’s Huge Hacking Could Finally Make Credit Cards Secure

Image: Getty

Checkout counters in the U.S. are an embarrassing technological backwater compared to those in most other developed countries, but this may finally be coming to an end. All it took was somebody hacking 40 million credit and debit cards.

Today, Target–the retail chain where all those cards were stolen–said that, starting in early 2015, all of its own credit and debit cards will be “chip-and-PIN-enabled.”

Chip-and-PIN systems, already widespread in Europe and elsewhere, rely on a microchip embedded in the card rather than the magnetic stripe still on the backs of almost all U.S. cards. Those stripes are easy for thieves to duplicate on dummy cards. The chips aren’t. The use of a PIN to verify identity rather than an illegible scrawl at the bottom of a receipt also makes such cards more secure.

More important than Target’s new cards will be the new terminals they install to read them

Chip-and-PIN alone won’t provide complete protection from the kind of massive theft that rocked Target customers at the height of the holiday shopping season. But Target’s commitment to an actual date will–we hope–create some much-needed mainstream momentum to push U.S. merchants toward this more secure technology. Come 2015, more important than Target’s new cards themselves will be the new terminals they install to read them.

Because credit card companies ultimately are on the hook when stolen cards are used fraudulently, the industry itself has set a deadline of October 2015 for U.S. merchants to install chip-and-PIN-ready terminals. After that date, merchants who don’t comply will have to eat the costs of transactions made with stolen cards themselves.

That sounds like a strong incentive, but especially for smaller merchants, the math might not look so convincing. The problem with the adoption of any new payment technology is chicken-and-egg. Spending the money on a new card-reading system, for instance, only makes sense if a lot of customers will use it. But customers will only use new payment tech if it’s easy and familiar. How does it become easy and familiar? If there are a lot of places they can use it.

Target has the reach to breed the familiarity that could drive the broader adoption of chip-and-PIN

By issuing lots of chip-and-PIN cards and installing lots of chip-and-PIN card readers, Target has decided to hatch that egg. According to the company, chip-and-PIN terminals will land in all of its nearly 1,800 stores by this September. This move will seed the U.S. retail landscape with card readers that non-Target cardholders can start to use when their card issuers start sending them chip-and-PIN cards. As one of the biggest retailers in the U.S., Target has the reach to breed the familiarity that could drive the broader adoption of chip-and-PIN.

The transition of the world’s largest consumer economy to a new way of paying for things will inevitably be rocky. Even in countries where chip-and-PIN is common, some cards still come with magnetic stripes as well, since otherwise the cards would be useless at stores that still haven’t made the switch. (We’ve reached out to Target to find out if its new cards will still have stripes.) But every big technological shift has to start somewhere, and it’s good that Target is moving aggressively to nudge that change forward. It’s just too bad that it took all those cards getting stolen to push Target into taking the lead.